1.1.3.1763 Update

Author: YuZhouRen86

00-Common Headers/KexDll.h

@@ -111,6 +111,8 @@
 #define STATUS_DLL_NOT_IN_SYSTEM_ROOT			DEFINE_KEX_NTSTATUS(NTSTATUS_ERROR, 11)
 #define STATUS_PATH_TOO_SHORT					DEFINE_KEX_NTSTATUS(NTSTATUS_ERROR, 12)
 
+#define STATUS_NOT_SAME_OBJECT					0xC00001AC
+
 #define KEXDATA_FLAG_PROPAGATED				1	// Indicates that this process was spawned from a VxKex-enabled parent
 #define KEXDATA_FLAG_IFEO_OPTIONS_PRESENT	2	// Indicates that this process has VxKex options set in IFEO
 #define KEXDATA_FLAG_MSIEXEC				4	// Indicates that this process is %SystemRoot%\system32\msiexec.exe
@@ -325,6 +327,14 @@ typedef PVOID TYPEDEF_TYPE_NAME(DLL_DIRECTORY_COOKIE);
 
 #pragma endregion
 
+#pragma region Nt* functions
+
+KEXAPI NTSTATUS NTAPI NtCompareObjects(
+	IN	HANDLE	FirstObjectHandle,
+	IN	HANDLE	SecondObjectHandle);
+
+#pragma endregion
+
 #pragma region Kex* functions
 
 KEXAPI NTSTATUS NTAPI KexInitializePropagation(

00-Common Headers/KxBase.h

@@ -39,6 +39,7 @@
 // undocumented STARTUPINFO flag
 #define STARTF_HASSHELLDATA		0x400
 
+#define ERROR_NOT_SAME_OBJECT					1656L
 #define APPMODEL_ERROR_NO_PACKAGE				15700L
 #define APPMODEL_ERROR_NO_APPLICATION			15703L
 
@@ -577,6 +578,28 @@ typedef enum _FILE_INFO_BY_NAME_CLASS {
 	MaximumFileInfoByNameClass
 } TYPEDEF_TYPE_NAME(FILE_INFO_BY_NAME_CLASS);
 
+typedef struct PACKAGE_VERSION {
+	union {
+		UINT64		Version;
+		struct {
+			USHORT	Revision;
+			USHORT	Build;
+			USHORT	Minor;
+			USHORT	Major;
+		} DUMMYSTRUCTNAME;
+	} DUMMYUNIONNAME;
+} TYPEDEF_TYPE_NAME(PACKAGE_VERSION);
+
+typedef struct PACKAGE_ID {
+	UINT32			reserved;
+	UINT32			processorArchitecture;
+	PACKAGE_VERSION	version;
+	PWSTR			name;
+	PWSTR			publisher;
+	PWSTR			resourceId;
+	PWSTR			publisherId;
+} TYPEDEF_TYPE_NAME(PACKAGE_ID);
+
 #pragma endregion
 
 #if defined(KEX_ENV_WIN32)
@@ -699,6 +722,10 @@ KXBASEAPI BOOL WINAPI GetProcessMitigationPolicy(
 	OUT	PVOID						Buffer,
 	IN	SIZE_T						BufferCb);
 
+KXBASEAPI BOOL WINAPI IsProcessCritical(
+	IN	HANDLE	ProcessHandle,
+	OUT	PBOOL	Critical);
+
 //
 // file.c
 //

00-Common Headers/KxCom.h

@@ -643,9 +643,118 @@ KXCOMAPI HRESULT WINAPI WindowsPromoteStringBuffer(
 // firefoxpatch.c
 //
 
-HRESULT WINAPI Ext_CoCreateInstance(
-	IN	REFCLSID	rclsid,
-	IN	LPUNKNOWN	pUnkOuter,
-	IN	DWORD		dwClsContext,
-	IN	REFIID		riid,
-	OUT	LPVOID		*ppv);
+KXCOMAPI HRESULT WINAPI Ext_CoCreateInstance(
+	IN	REFCLSID	RefCLSID,
+	IN	LPUNKNOWN	OuterUnknown,
+	IN	ULONG		ClassContext,
+	IN	REFIID		RefIID,
+	OUT	PPVOID		Instance);
+
+KXCOMAPI HRESULT WINAPI Ext_CoCreateInstanceEx(
+	IN		REFCLSID		RefCLSID,
+	IN		LPUNKNOWN		OuterUnknown,
+	IN		ULONG			ClassContext,
+	IN		COSERVERINFO	*ServerInfo,
+	IN		ULONG			NumberOfInterfaces,
+	IN OUT	MULTI_QI		*Interfaces);
+
+KXCOMAPI HRESULT WINAPI Ext_CoGetClassObject(
+	IN	REFCLSID		RefCLSID,
+	IN	ULONG			ClassContext,
+	IN	COSERVERINFO	*ServerInfo	OPTIONAL,
+	IN	REFIID			RefIID,
+	OUT	PPVOID			ClassObject);
+
+typedef enum _OLE_TLS_FLAGS {
+	OLETLS_LOCALTID					= 0x01,		// This TID is in the current process.
+	OLETLS_UUIDINITIALIZED			= 0x02,		// This Logical thread is init'd.
+	OLETLS_INTHREADDETACH			= 0x04,		// This is in thread detach. Needed
+												// due to NT's special thread detach
+												// rules.
+	OLETLS_CHANNELTHREADINITIALZED	= 0x08,		// This channel has been init'd
+	OLETLS_WOWTHREAD				= 0x10,		// This thread is a 16-bit WOW thread.
+	OLETLS_THREADUNINITIALIZING		= 0x20,		// This thread is in CoUninitialize.
+	OLETLS_DISABLE_OLE1DDE			= 0x40,		// This thread can't use a DDE window.
+	OLETLS_APARTMENTTHREADED		= 0x80,		// This is an STA apartment thread
+	OLETLS_MULTITHREADED			= 0x100,	// This is an MTA apartment thread
+	OLETLS_IMPERSONATING			= 0x200,	// This thread is impersonating
+	OLETLS_DISABLE_EVENTLOGGER		= 0x400,	// Prevent recursion in event logger
+	OLETLS_INNEUTRALAPT				= 0x800,	// This thread is in the NTA
+	OLETLS_DISPATCHTHREAD			= 0x1000,	// This is a dispatch thread
+	OLETLS_HOSTTHREAD				= 0x2000,	// This is a host thread
+	OLETLS_ALLOWCOINIT				= 0x4000,	// This thread allows inits
+	OLETLS_PENDINGUNINIT			= 0x8000,	// This thread has pending uninit
+	OLETLS_FIRSTMTAINIT				= 0x10000,	// First thread to attempt an MTA init
+	OLETLS_FIRSTNTAINIT				= 0x20000,	// First thread to attempt an NTA init
+	OLETLS_APTINITIALIZING			= 0x40000	// Apartment Object is initializing
+} TYPEDEF_TYPE_NAME(OLE_TLS_FLAGS);
+
+typedef struct _SWindowData {
+	HWND				Window;
+	ULONG				FirstMessage;
+	ULONG				LastMessage;
+} TYPEDEF_TYPE_NAME(SWindowData);
+
+typedef struct _CAptCallCtrl {
+	IMessageFilter		*MessageFilter;
+	BOOL				InMessageFilter;
+	PVOID				TopCML;			// original datatype: CCliModalLoop
+	SWindowData			WindowData[2];
+} TYPEDEF_TYPE_NAME(CAptCallCtrl);
+
+// NtCurrentTeb()->ReservedForOle points to one of these structures.
+// See tagSOleTlsData in oletls.h (nt5src) for descriptions of values.
+// The full definition of this structure can be found in the public symbol
+// files for ole32.dll (this one is incomplete, I've replaced most of the
+// pointers with PVOIDs and there is stuff missing from the end)
+typedef struct _SOleTlsData {
+	PVOID			pvThreadBase;
+	PVOID			pSmAllocator;
+	ULONG			dwApartmentID;
+	ULONG			dwFlags; // OLETLS_*
+	LONG			TlsMapIndex;
+	PVOID			*ppTlsSlot;
+	ULONG			cComInits;
+	ULONG			cOleInits;
+	ULONG			cCalls;
+	PVOID			pCallInfo;
+	PVOID			pFreeAsyncCall;
+	PVOID			pFreeClientCall;
+	PVOID			pObjServer;
+	ULONG			dwTIDCaller;
+	PVOID			pCurrentCtx;
+	PVOID			pEmptyCtx;
+	PVOID			pNativeCtx;
+	ULONGLONG		ContextId; // This is 64-bit even on the 32-bit version of ole32.dll
+	PVOID			pNativeApt;
+	IUnknown		*pCallContext;
+	PVOID			pCtxCall;
+	PVOID			pPS;
+	PVOID			pvPendingCallsFront;
+	PVOID			pvPendingCallsBack;
+	CAptCallCtrl	*pCallCtrl; // Initialized by CAptCallCtrl::CAptCallCtrl in ole32.dll
+	PVOID			pTopSCS;
+	IMessageFilter	*pMsgFilter;
+	HWND			hwndSTA;
+	LONG			cORPCNestingLevel;
+	ULONG			cDebugData;
+	GUID			LogicalThreadId;
+	PVOID			hThread;
+	PVOID			hRevert;
+	IUnknown		*pAsyncRelease;
+	HWND			hwndDdeServer;
+	HWND			hwndDdeClient;
+	ULONG			cServeDdeObjects;
+	PVOID			pSTALSvrsFront;
+	HWND			hwndClip;
+	IDataObject		*pDataObjClip;
+	ULONG			dwClipSeqNum;
+	ULONG			fIsClipWrapper;
+	IUnknown		*punkState;
+	ULONG			cCallCancellation;
+	ULONG			cAsyncSends;
+	PVOID			pAsyncCallList;
+	PVOID			pSurrogateList;
+	PVOID			pRWLockTlsEntry;
+	//...
+} TYPEDEF_TYPE_NAME(SOleTlsData);

00-Common Headers/NtDll.h

@@ -1602,7 +1602,12 @@ typedef struct _TEB {
 	// to me and there were shitloads of structures to copy so I gave up.
 	PVOID								ActivationContextStackPointer;
 
+#ifdef _M_X64
 	UCHAR								SpareBytes[0x18];
+#else
+	UCHAR								SpareBytes[0x24];
+#endif
+
 	ULONG								TxFsContext;
 
 	GDI_TEB_BATCH						GdiTebBatch;
@@ -2927,12 +2932,28 @@ typedef struct _LDR_RESOURCE_INFO {
 	ULONG_PTR	Language;
 } TYPEDEF_TYPE_NAME(LDR_RESOURCE_INFO);
 
+typedef enum _EVENT_INFORMATION_CLASS {
+	EventBasicInformation
+} TYPEDEF_TYPE_NAME(EVENT_INFORMATION_CLASS);
+
+typedef struct _EVENT_BASIC_INFORMATION {
+	EVENT_TYPE EventType;
+	LONG EventState;
+} TYPEDEF_TYPE_NAME(EVENT_BASIC_INFORMATION);
+
 #pragma endregion
 
 STATIC PKUSER_SHARED_DATA SharedUserData = (PKUSER_SHARED_DATA) 0x7FFE0000;
 
 #pragma region Nt* function declarations
 
+NTSYSCALLAPI NTSTATUS NTAPI NtQueryEvent(
+	IN	HANDLE					EventHandle,
+	IN	EVENT_INFORMATION_CLASS	EventInformationClass,
+	OUT	PVOID					EventInformation,
+	IN	ULONG					EventInformationLength,
+	OUT	PULONG					ReturnLength OPTIONAL);
+
 NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(
 	IN		HANDLE						ObjectHandle,
 	IN		OBJECT_INFORMATION_CLASS	ObjectInformationClass,

00-Common Headers/vautogen.h

@@ -3,4 +3,4 @@ HeaderFile=..\..\00-Common Headers\vautogen.h
 MajorVersion=1
 MinorVersion=1
 PatchLevel=3
-BuildNumber=1584
+BuildNumber=1763

00-Documentation/Application Compatibility List.docx

@@ -209,4 +209,37 @@ KXBASEAPI LONG WINAPI AppPolicyGetThreadInitializationType(
 
 	*InitializationType = AppPolicyThreadInitializationType_None;
 	return ERROR_SUCCESS;
+}
+
+KXBASEAPI LONG WINAPI PackageIdFromFullName(
+	IN		PCWSTR			PackageFullName,
+	IN		CONST ULONG		Flags,
+	IN OUT	PULONG			BufferLength,
+	OUT		BYTE			*Buffer OPTIONAL)
+{
+	if (!PackageFullName || !BufferLength || *BufferLength && !Buffer) {
+		return ERROR_INVALID_PARAMETER;
+	}
+
+	*BufferLength = 0;
+
+	return ERROR_NOT_FOUND;
+}
+
+KXBASEAPI LONG WINAPI GetPackagePath(
+	IN		PCPACKAGE_ID	PackageID,
+	CONST ULONG				Reserved,
+	IN OUT	PULONG			PathLength,
+	OUT		PWSTR			Path OPTIONAL)
+{
+	if (!PackageID || Reserved != 0 || !PathLength || *PathLength != 0 && !Path) {
+		return ERROR_INVALID_PARAMETER;
+	}
+
+	if (*PathLength != 0) {
+		Path[0] = '\0';
+	}
+
+	*PathLength = 0;
+	return ERROR_SUCCESS;
 }

00-Documentation/Changelog.txt

@@ -239,4 +239,98 @@ KXBASEAPI BOOL WINAPI GetFileInformationByName(
 
 	RtlSetLastWin32Error(ERROR_NOT_SUPPORTED);
 	return FALSE;
+}
+
+KXBASEAPI BOOL WINAPI Ext_DeviceIoControl(
+	IN		HANDLE			DeviceHandle,
+	IN		ULONG			IoControlCode,
+	IN		PVOID			InBuffer OPTIONAL,
+	IN		ULONG			InBufferSize,
+	OUT		PVOID			OutBuffer OPTIONAL,
+	IN		ULONG			OutBufferSize,
+	OUT		PULONG			BytesReturned OPTIONAL,
+	IN OUT	LPOVERLAPPED	Overlapped OPTIONAL)
+{
+	ULONG DummyBytesReturned;
+
+	//
+	// Microsoft's documentation lists the BytesReturned (lpBytesReturned) parameter
+	// as being optional. However, on Windows 7, the BytesReturned parameter is only
+	// really optional when the Overlapped parameter is non-null.
+	//
+	// To summarize:
+	//
+	// Parameter combination                       | Result (Win7)    | Result (Win8)
+	// --------------------------------------------+------------------+---------------
+	// Overlapped == NULL && BytesReturned != NULL | OK               | OK
+	// Overlapped == NULL && BytesReturned == NULL | Access violation | OK
+	// Overlapped != NULL && BytesReturned == NULL | OK               | OK
+	// Overlapped != NULL && BytesReturned != NULL | OK               | OK
+	//
+	// This is a discrepancy in behavior which was silently changed in Win8. An
+	// additional check was added to the branch of code which is executed when
+	// Overlapped == NULL.
+	//
+	// The fix is very simple, as you can see:
+	//
+
+	if (BytesReturned == NULL) {
+		BytesReturned = &DummyBytesReturned;
+	}
+
+	return DeviceIoControl(
+		DeviceHandle,
+		IoControlCode,
+		InBuffer,
+		InBufferSize,
+		OutBuffer,
+		OutBufferSize,
+		BytesReturned,
+		Overlapped);
+}
+
+KXBASEAPI BOOL WINAPI Ext_ReadFile(
+	IN		HANDLE			FileHandle,
+	OUT		PVOID			Buffer,
+	IN		ULONG			NumberOfBytesToRead,
+	OUT		PULONG			NumberOfBytesRead OPTIONAL,
+	IN OUT	LPOVERLAPPED	Overlapped OPTIONAL)
+{
+	ULONG DummyNumberOfBytesRead;
+
+	// See comment in Ext_DeviceIoControl for why this is necessary.
+	// They changed the behavior of ReadFile in Windows 8 as well.
+	if (NumberOfBytesRead == NULL) {
+		NumberOfBytesRead = &DummyNumberOfBytesRead;
+	}
+
+	return ReadFile(
+		FileHandle,
+		Buffer,
+		NumberOfBytesToRead,
+		NumberOfBytesRead,
+		Overlapped);
+}
+
+KXBASEAPI BOOL WINAPI Ext_WriteFile(
+	IN		HANDLE			FileHandle,
+	IN		PCVOID			Buffer,
+	IN		ULONG			NumberOfBytesToWrite,
+	OUT		PULONG			NumberOfBytesWritten OPTIONAL,
+	IN OUT	LPOVERLAPPED	Overlapped OPTIONAL)
+{
+	ULONG DummyNumberOfBytesWritten;
+
+	// See comment in Ext_DeviceIoControl for why this is necessary.
+	// They changed the behavior of WriteFile in Windows 8 as well.
+	if (NumberOfBytesWritten == NULL) {
+		NumberOfBytesWritten = &DummyNumberOfBytesWritten;
+	}
+
+	return WriteFile(
+		FileHandle,
+		Buffer,
+		NumberOfBytesToWrite,
+		NumberOfBytesWritten,
+		Overlapped);
 }